This script checks to see where your email has come from and checks on the internet against DNSBLs to see if it is spammy. Combined with Bayes filtering it does a good job of detecting spam. Installation details are below the script.

{ Choose DNSBLs in the list below (the more you have the slower checking email can be)Embed $dnsbllist "end" dnsbl.sorbs.net,15,0 dnsbl.njabl.org,15,0 list.dsbl.org,15,0 bl.spamcop.net,15,0 sbl-xbl.spamhaus.org,15,0end

{ If headers have changed then delete the message (to ensure they update) and save message:finishup If #PocoScriptMode = 1 Then quit If &leavemessage Then quit DeleteMessage %message SaveMessage %message $CurrentMailbox

{ Inform user timeout value is not an integer >= 1:wrongtimeout Set $message "The " AddStrings $message $PocoScriptName " script has a timeout value that is not an integer >= 1" MessageBox $message Exit

This script is still being tested so if you want to be safe then please test it on a backup installation. The standard Frazmi disclaimer of 'it works for me, it may not work for you' and the Hogyt disclaimer of 'even if it works today, it may not work tomorrow' apply

To set it up (new and easy method from v1.07 onwards):

Create a new script with the code above, call it something like DNSBL.

Create a new filter in Tools->Filters to run the above script (before your junk mail filter in the filter window).

Download runmin.exe and update the path to it in "Setup Script" in Tools->Scripts (it's the first field).

For Win 95, 98, ME: Download nslook.exe from ->this page<- and update the path to it in "Setup Script" in Tools->Scripts (it's the second field). For Win 2K, XP, NT, leave the second field blank (they come with nslookup.exe and don't require this separate download).

When it's working you'll see something like the following when you view the headers of a scanned email:

X-Poco-Spam-DNSBL: Received from IP address (81.51.146.32) Not in spamsources.fabel.dk (+0) Not in cbl.abuseat.org (+0) Not in relays.nthelp.com (+0) Not in dsn.rfc-ignorant.org (+0) Not in ipwhois.rfc-ignorant.org (+0) Found in dnsbl.sorbs.net (+8) Debug - #spamscore 4 #waitattempt 1 #timeout 8

This X-Poco-Spam-DNSBL header lists all the DNSBLs checked along with whether the IP address was found in that DNSBL or not and the score associated with it. You can edit which DNSBLs to check and their spam/ham scores in the section:

If you find the checking too slow then try getting rid of some of the DNSBLs and decreasing the timeout value in "Script Setup". For what it's worth it is scanning all DNSBLs in a few seconds here. I'm not sure what scores are best so they may take some fiddling with.

Last edited by Hogyt on Tue Dec 21, 2004 3:04 am, edited 33 times in total.

Updated to v1.01. It now requires runmin.exe (87kb) to hide the DOS window. Set the path to it in the line Set $runmin "c:\\runmin.exe". An icon flashes up in the system tray but i think thats a lot better than seeing a DOS window. If anyone has a better method for hiding the DOS window then please say

Updated to v1.02, the 'say goodbye to spam' version It now checks multiple RBLs. Be aware that this does make email checks slower. With the 8 RBLs listed it takes about 15 seconds to check each email on my computer so you may want to check less of them (just remove them from the list) - especially if you get lots of email! Remember to set up a filter to increase Pocomails spam score for each of the RBLs.

Updated to v1.04. It now checks the RBLs in parallel. It's about twice as fast as before on my computer, nothing amazing but better nonetheless. Unless there are any bugs i think it's just about finished now.

Edit: I've updated the runmin.exe file to do a better job at hiding the system tray icon (now it quickly appears then disappears) so if anyone is using it please download it again.

Updated to v1.06. v1.05 fixed a small bug. v1.06 needs the updated runmin.exe command, which is now only 3k , runs transparently (no DOS box, no system tray icon) and is lots faster too (takes about 5 secs per email on this machine to run all the RBL checks).

Since i wrote this yesterday it's caught about 40 spam that the Bayesian filters didn't pick up on with zero false positives

There shouldn't be anything flashing in the system tray if you've got the latest runmin.exe (the 3k version) and v1.06 of the script. What OS are you using? I've only tested in on Win XP. Thank you for giving it a try, i hope we can get it working for you

The Bayesian filter would have to pick up on the "Found in ..." text to mark it as spam. If it can do that then that would work but i prefer to assign the score by hand. Also it means you can give different RBLs different scores. In the filter window screenshot at the top you can see i put a score of 2 for the ipwhois.rfc-ignorant.org RBL because i don't consider it as good an indication of spam as the other RBLs which i've given scores of 5.

Updated to v1.07. It is now much easier to install and does not require a filter for each RBL as before. The full instructions are in the first post but essentially all that is required is to create the script, set it up to run as an incoming filter, download the runmin.exe file and edit the script to point to this file.

Edit: Minor update to v1.08, fixing a bug with repeated entries in the header. I think the script is finished unless any more bugs are found!

It's working great for me. Now I wish I could use it to train my Bayesian filters when it is clearly spam as far as rbl is concerned. I can't think of a way to do this. Does anybody know? You can't mark something as junk from within poco script can you? Will moving a message through script to the junk folder have the same effect?